Problems forming a URL with arguments in PHP - php

I have made a database connection in PHP and FETCH parts like story and id.
The URL forms OK without '&' but fails when '&' is added in the URL.
Here is my PHP code with '&id=' added in the URL:
$fullurl = /cms/page.php . '?chapter=' . $row['story'] . '&id=' . $row['id'];
Can someone put me right about the correct syntax...

The error is pretty obvious
$fullurl = /cms/page.php . '?chapter=' . $row['story'] . '&id=' . $row['id'];
should be changed so that all text is within the quotation marks:
$fullurl = '/cms/page.php?chapter=' . $row['story'] . '&id=' . $row['id'];
Otherwise you will end up in an error.
Also please, consider using error_reporting(E_ALL); when debugging.

The part /cms/page.php is not a string, and thus is wrong. You could just change it to something like this:
<?php
// NOTICE THAT THE PART "/cms/page.php" IS NOW EMBEDDED IN QUOTES (STRING)
$fullurl = "/cms/page.php" . '?chapter=' . $row['story'] . '&id=' . $row['id'];
// OR EVEN COMPACT IT LIKE SO:
$fullurl = "/cms/page.php?chapter=" . $row['story'] . '&id=' . $row['id'];

poiz
It still didn't work, but I found I don't need to fetch from NEWS_ARTICLES. In fact my variables are already fetched, as you see below...
Here is my actual code.
$sql = "SELECT old,title,story,shortstory,author,origauthor,ip,timestamp,allowcomments,short,approved,viewcount,rating,archive date,neverarchive,archived,id,
" . NEWS_USERS . ".user AS authorname,
" . NEWS_USERS . ".avatar AS authoravatar,
commentcount AS comments
FROM " . NEWS_ARTICLES . " INNER JOIN " . NEWS_USERS . " ON " . NEWS_ARTICLES . ".author = " . NEWS_USERS . ".uid WHERE id IN (";
if($nocats == "1"){
$sql .= "SELECT id AS storyid FROM " . NEWS_ARTICLES . " WHERE id NOT IN (SELECT storyid FROM " . NEWS_GROUPCATS . " WHERE type = 'news') UNION ";
}
$sql .= "SELECT storyid FROM " . NEWS_GROUPCATS . " WHERE type = 'news' AND catid IN (SELECT catid FROM " . NEWS_GROUPCATS . " WHERE type = 'rss' AND storyid = ?) ) AND archived = '0' ORDER BY timestamp DESC LIMIT 0, $rssamount";
$newsstories = DataAccess::fetch($sql, $feedid);
foreach($newsstories AS $row){
if(FRIENDLY){
$fullurl = $newslocation . $prefix . $row['id'] . "-0-" . makefriendly($row['title']);
}else{
$fullurl = $newslocation . '?epic-code=' . $row['shortstory'] . '&id=' . $row['id'];
}
'&id' gives...
error on line 12 at column 85: EntityRef: expecting ';'
'id' gives...
[a link] http://www.example.com//stock-charts/share-charts.php?epic-code=ALTPid=3360
the & is missing ....
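
`EntityRef: expecting ';'` is an XML parser error: a bare `&` in the generated feed is read as the start of an entity reference. The following is an added example (not part of the original posts) that percent-encodes the query values and then escapes the finished URL for XML; the helper names `build_url` and `xml_escape` and the sample row are assumptions.

```php
<?php
// Added example, not the poster's code. The sample row is constructed.

/** Build a relative URL with every query value percent-encoded. */
function build_url(string $path, array $params): string
{
    // The separator stays a literal '&' here: this is the raw URL,
    // not yet placed inside any markup.
    return $path . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

/** Escape a finished string for use as XML/RSS text or an attribute value. */
function xml_escape(string $s): string
{
    // Turns '&' into '&amp;' (and escapes <, >, and quotes) so the
    // XML parser no longer sees the start of an entity reference.
    return htmlspecialchars($s, ENT_QUOTES | ENT_XML1, 'UTF-8');
}

$row = ['shortstory' => 'ALTP', 'id' => 3360];   // constructed sample row

$fullurl = build_url('/stock-charts/share-charts.php', [
    'epic-code' => $row['shortstory'],
    'id'        => $row['id'],
]);

// Raw URL, e.g. for a Location header or a log line.
echo $fullurl, "\n";

// Same URL written into the feed: escape at the point of output.
echo '<link>', xml_escape($fullurl), '</link>', "\n";
```

Encoding the values and escaping the finished URL are separate steps: the first protects the query string, the second protects the XML document that carries it.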

Related

Database error: Invalid SQL: WHERE id IN (91220,91222,91232,91233,91244,91263,

The SQL below when echoed in the PHP script displays only WHERE id IN (91220,91222,91232,91233,91244,91263,91264,91277)
Please help me find what is wrong with the SQL.
$sql = "UPDATE customers SET customers.name=AES_ENCRYPT('" . self::PII_OBFUSCATE_NAME . "','" . AES_CRYPT_KEY . "')"
. ", address1=AES_ENCRYPT('" . self::PII_OBFUSCATE_ADDRESS1 . "','" . AES_CRYPT_KEY . "')"
. ", day_phone=AES_ENCRYPT('" . self::PII_OBFUSCATE_PHONE . "','" . AES_CRYPT_KEY . "')"
. ", nite_phone=AES_ENCRYPT('" . self::PII_OBFUSCATE_PHONE . "','" . AES_CRYPT_KEY . "')"
. (is_array($customers_to_obfuscate))
? " WHERE id IN (" . implode(",", $customers_to_obfuscate) . ")"
: " WHERE id = '$customers_to_obfuscate'";
You need to check your braces in the ternary operator. It must look as follows:
((is_array($orders_to_obfuscate)) ? " WHERE id IN (" . implode(",", $orders_to_obfuscate) . ")" : " WHERE id = '$orders_to_obfuscate'");

What's wrong with this fragment of PHP code?

I'm writing some html+php code but this part seems to be causing an error. Do you see something wrong?
$sql = "SELECT p.seccio_id, count(*), sum(r.preu)
FROM report r, persona p
WHERE r.usuari_upc = p.persona_id
and r.any = " . $_POST["any"] . "
and r.mes = " . $_POST["mes"] . "
and p.any_id = '"
if ($_POST["mes"] < 9) echo ($_POST["any"] - 1) . "-" . $_POST["any"] . "'";
else echo $_POST["any"] "-" . ($_POST["any"] + 1) . "'";
"GROUP BY p.seccio_id
ORDER BY p.seccio_id";
You have to split it up:
$sql = "SELECT p.seccio_id, count(*), sum(r.preu) FROM report r, persona p WHERE r.usuari_upc = p.persona_id and r.any = " . $_POST["any"] . " and r.mes = " . $_POST["mes"] . " and p.any_id = '";
if ($_POST["mes"] < 9)
$sql .= ($_POST["any"] - 1) . "-" . $_POST["any"] . "'";
else
$sql .= $_POST["any"] . "-" . ($_POST["any"] + 1) . "'";
$sql .= " GROUP BY p.seccio_id ORDER BY p.seccio_id";
P.S. Your SQL is vulnerable to SQL injection.

Displaying search results using mysqli multiquery

How can I display search results using mysqli multiquery? I want to display values from my listing-details table and from my user table. Here is my code:
$searchquery="SELECT * FROM `listing-details` WHERE `listing-address` LIKE '%" . $address . "%' AND `listing-address-street` LIKE '%" . $street . "%' AND `listing-address-barangay-id` LIKE '%" . $barangay . "%'";
$searchquery.= "SELECT `user.user-username`, `user.user-firstname`, `user.user-lastname`, `listing-details.user-username` FROM `user`, `listing-details` WHERE `listing-details.user-username`=`user.user-username`";
if (mysqli_multi_query($conn, $searchquery)) {
do {
if ($result=mysqli_store_result($conn,$searchquery)){
while($row=mysqli_fetch_row($result)){
$listingid =$row['listing-id'];
$username =$row['user-username'];
$listingbedquantity =$row['listing-bedquantity'];
$listingbedtype =$row['listing-bedtype-id'];
$listingguestsquantity =$row['listing-guestsquantity'];
$listingplacetype =$row['listing-placetype-id'];
$listingpropertytype =$row['listing-propertytype-id'];
$listingbathroomquantity =$row['listing-bathroomquantity'];
$listingaddress =$row['listing-address'];
$listingstreet =$row['listing-address-street'];
$listingbarangay =$row['listing-address-barangay-id'];
$listingamenities =$row['listing-amenities-basic-id'];
$listingsafetyamenities =$row['listing-amenities-safety-id'];
$listingsaphotos =$row['listing-amenities-safety-photos-id'];
$listingspace =$row['listing-space-id'];
$listinglandmark =$row['listing-landmark'];
$listingpreferences =$row['listing-preferences-id'];
$listingphotoset =$row['listing-photosset-id'];
$listingexperience =$row['listing-experience-id'];
$listingfrequency =$row['listing-frequency-id'];
$listingstartdate =$row['listing-startdate'];
$listingrate =$row['listing-rate-id'];
$listingprice =$row['listing-price'];
$listingrules =$row['listing-rules-id'];
$listingtitle =$row['listing-title'];
$listingdescription =$row['listing-description'];
$firstname =$row['user-firstname'];
$lastname =$row['user-lastname'];
echo "<ul>\n";
echo "<li>"."" . "<h2>" . $listingtitle . "</h2></li>\n";
echo "<li><h6>" . $listingaddress . ", " . $listingstreet . ", " . $listingbarangay . "</h6></li>";
echo "<li><i>" . $listingdescription . "</i></li>";
echo "<ul>\n";
echo "<li>"."" . "<h2>" . $listingtitle . "</h2></li>\n";
echo "<li><h6>" . $listingaddress . ", " . $listingstreet . ", " . $listingbarangay . "</h6></li>";
echo "<li><i>" . $listingdescription . "</i></li>";
echo "<li style='float:right;'>By: " . $firstname . " " . $lastname . "</i></li>";
echo "</ul>";
echo "<hr width='80%' noshade='1'>";
}
mysqli_free_result($result);
}
}
while (mysqli_next_result($conn));
}
However, when I get to run it, the page loads, but results won't show. The purpose of it is to be able to display listing details from a listing-details table listed by the complete name from the user table. The two tables have user-username column as common key.
Like many learners, you are using the wrong tool, simply because you don't know the proper one.
You need not a multiquery (which you never actually need anyway) but a JOIN.
Simply rewrite your two monster queries to a join like this
$searchquery="SELECT l.*, u.`user-username`, u.`user-firstname`, u.`user-lastname`
FROM `listing-details` l, user u
WHERE l.`user-username`=u.`user-username`
AND `listing-address` LIKE ...";
Besides, your quoting is wrong.

Ajax pagination in php mysql

I copied this code from a website for using ajax jquery pagination in php with mysql. I have a mysql table with 5 columns. I want to show all columns of the mysql table - not only two.
I edited the while loop but I cannot insert more columns. Please help me - I am new here and it may be difficult to understand my question. Sorry in advance.
$query_pag_data = "SELECT * from ebook LIMIT $start, $per_page";
$result_pag_data = mysql_query($query_pag_data) or die('MySql Error' . mysql_error());
$msg = "";
while ($row = mysql_fetch_array($result_pag_data)) {
$htmlmsg=htmlentities($row['title']); //HTML entries filter
$msg .= "<li><b>" . $row['id'] . "</b> " . $htmlmsg . "</li>";
}
$msg = "<div class='data'><ul>" . $msg . "</ul></div>"; // Content for Data
I have linked all code
http://www.9lessons.info/2010/10/pagination-with-jquery-php-ajax-and.html
You only show $row['id'] and $row['title'], just add some extra with the row names ;)
Example:
$msg .= "<li><b>" . $row['id'] . "</b> <i>" . $row['another_row_name'] . "</i>" . $htmlmsg . "</li>";
while ($row = mysql_fetch_array($result_pag_data)) {
$htmlmsg=htmlentities($row['title']); //HTML entries filter
$msg .= "<li><b>" . $row['id'] . "</b> " . $htmlmsg . "</b> " . $row['somefield'] ."</li>";
}
The different values are accessed by the $row array so it depends on what your column names are for the 5 columns.
You might want something like
$msg .= "<li><b>" . $row['colname1'] . "</b> " . $row['colname2'] . " " . $row['colname3'] . <insert more columns here> . "</li>" ;

PHP script not updating mysql table

This script is simply not working... can anyone tell me what I'm doing wrong?
$id = $_POST['id'];
$name = $_POST['name'];
$date = $_POST['date'];
$shortdesc = $_POST['shortdesc'];
$link = $_POST['link'];
$target = $_POST['target'];
$sort = $_POST['sort'];
$html = $_POST['html'];
include('appvars.php');
$query = "UPDATE insight SET name='".$name."' AND SET date='". $date . "' AND SET html='" . $html . "' AND SET shortdesc='" . $shortdesc . "' AND SET link='" . $link . "' AND SET target='" . $target . "' AND SET sort='" . $sort . "' WHERE id='" . $id . "'";
mysqli_query($dbc, $query);
You aren't escaping your values so you are vulnerable to SQL injection and also construction of invalid statements. For example, if any of your input strings contain an apostrophe then it could cause your code to fail.
Have a look at prepared statements that will make it much easier to construct your queries with parameters.
In your query you will also need to use commas instead of AND SET.
$query = "UPDATE insight SET name='foo', date='2012-12-10' WHERE id=42";
The syntax for UPDATE is described in the MySQL documentation:
UPDATE syntax
Use it like this,
$query = "UPDATE insight SET name='".$name."' ,date='". $date . "' ,html='" . $html . "' ,shortdesc='" . $shortdesc . "' ,link='" . $link . "' ,target='" . $target . "' ,sort='" . $sort . "' WHERE id='" . $id . "'";
It's working ... check now
$id = $_POST['id'];
$name = $_POST['name'];
$date = $_POST['date'];
$shortdesc = $_POST['shortdesc'];
$link = $_POST['link'];
$target = $_POST['target'];
$sort = $_POST['sort'];
$html = $_POST['html'];
include('appvars.php');
$query = "UPDATE insight SET name='".$name."' ,date='". $date . "' ,html='" . $html . "' ,shortdesc='" . $shortdesc . "' ,link='" . $link . "' ,target='" . $target . "' ,sort='" . $sort . "' WHERE id='" . $id . "'";
mysqli_query($dbc, $query);
I ain't a pro at MySQL, but a try.
I guess id is an integer. So, don't quote it.
Try this,
$query = "UPDATE insight SET name='".$name."' , date='". $date . "' , html='" . $html . "' , shortdesc='" . $shortdesc . "' , link='" . $link . "' , target='" . $target . "' , sort='" . $sort . "' WHERE id=". $id ;
I think the SQL syntax is not correct, you can use it like this: UPDATE tablename SET rowname = value , ....
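
The prepared-statement advice above, and the SQL injection note on the earlier `report` query, as a runnable sketch. This is an added example, not code from any of the posters; it assumes PDO with an in-memory SQLite database so it runs stand-alone, and the `insight` column types and the sample input are constructed.

```php
<?php
// Added example, not the poster's code. Table layout and input are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE insight (id INTEGER PRIMARY KEY, name TEXT, date TEXT,
            html TEXT, shortdesc TEXT, link TEXT, target TEXT, sort TEXT)');
$pdo->exec("INSERT INTO insight (id, name) VALUES (42, 'old name')");

/** Update one row; every value travels as a bound parameter, never as SQL text. */
function update_insight(PDO $pdo, array $in): int
{
    // Reject anything that is not a plain integer id before touching the database.
    $id = filter_var($in['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    $fields = ['name', 'date', 'html', 'shortdesc', 'link', 'target', 'sort'];
    // Column names come from the fixed list above; assignments are
    // separated by commas, not "AND SET".
    $set  = implode(', ', array_map(fn($f) => "$f = :$f", $fields));
    $stmt = $pdo->prepare("UPDATE insight SET $set WHERE id = :id");

    $params = [':id' => $id];
    foreach ($fields as $f) {
        $params[":$f"] = (string) ($in[$f] ?? '');
    }
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed stand-in for $_POST. The apostrophes would end the quoted
// literals early in the concatenated version of the query.
$post = ['id' => '42', 'name' => "Tom's insight", 'date' => '2012-12-10',
         'html' => "<p>It's here</p>", 'shortdesc' => 'short', 'link' => '/a',
         'target' => '_self', 'sort' => '1'];

$changed = update_insight($pdo, $post);
$stored  = $pdo->query('SELECT name FROM insight WHERE id = 42')->fetchColumn();
echo "rows changed: $changed, stored name: $stored\n";
```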
